1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to an incident management system and method.
2. Description of the Related Art
Incident management systems are capable of detecting actual and suspected internal and external intrusions, e.g., stealth scans and denial-of-service attacks. These actual and suspected internal and external intrusions and denial-of-service attacks are referred to as threats. The detection of a threat by an incident management system is referred to as an event. Generally, an event is an occurrence of some importance, e.g., one that has been identified as an occurrence to be monitored, and frequently one that has an antecedent cause, e.g., one that is associated with malicious code.
Typically, the incident management system forwards its events to a central event manager. The central event manager may also receive events from other incident management systems. This provides the administrator of the central event manager with information on all of the events on a network, or on a plurality of networks, being monitored by the central event manager. However, administrators presented with a set of events will rarely find that the requisite course of action is obvious.
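The arrangement described above, as an added illustration that is not part of the patent text: a minimal central event manager that receives event batches forwarded by several incident management systems, maps each sensor's differing record layout onto one common schema, and produces the per-network summary an administrator would be shown. The sensor names, field aliases, threat category names and sample events are all constructed for this example; the summary shows what is visible to the administrator, not what action to take.

```python
"""Added example (not part of the patent text): a minimal central event
manager that receives events from several incident management systems,
normalizes them, and summarizes them for an administrator. All sensor
names, field names and sample events below are constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Threat categories named in the description; "other" is an assumed
# catch-all for anything a sensor reports outside these.
KNOWN_THREATS = {"stealth_scan", "denial_of_service", "intrusion"}


@dataclass(frozen=True)
class Event:
    sensor: str      # which incident management system reported it
    network: str     # network segment that sensor monitors
    threat: str      # normalized threat category
    source: str      # originating address as reported by the sensor
    suspected: bool  # True if the sensor only suspects the threat


def normalize(sensor: str, raw: dict) -> Event:
    """Map one sensor's raw record onto the common Event schema.
    Sensors disagree on field names, so a few (assumed) aliases are accepted."""
    threat = str(raw.get("threat") or raw.get("type") or "other").lower()
    if threat not in KNOWN_THREATS:
        threat = "other"
    return Event(
        sensor=sensor,
        network=str(raw.get("network", "unknown")),
        threat=threat,
        source=str(raw.get("src") or raw.get("source") or "unknown"),
        suspected=bool(raw.get("suspected", False)),
    )


class CentralEventManager:
    """Collects events forwarded by multiple incident management systems."""

    def __init__(self) -> None:
        self.events: List[Event] = []

    def receive(self, sensor: str, records: List[dict]) -> int:
        """Ingest one batch from one sensor; returns how many events were accepted."""
        before = len(self.events)
        for raw in records:
            self.events.append(normalize(sensor, raw))
        return len(self.events) - before

    def summary(self) -> dict:
        """What the administrator sees: event counts per network and threat
        category, how many are merely suspected, and sources reported by more
        than one sensor. The summary itself does not say what to do about them."""
        per_network: Dict[str, Counter] = defaultdict(Counter)
        sensors_by_source: Dict[str, set] = defaultdict(set)
        for ev in self.events:
            per_network[ev.network][ev.threat] += 1
            sensors_by_source[ev.source].add(ev.sensor)
        corroborated = sorted(
            src for src, sensors in sensors_by_source.items() if len(sensors) > 1
        )
        return {
            "total": len(self.events),
            "per_network": {n: dict(c) for n, c in per_network.items()},
            "suspected_only": sum(1 for ev in self.events if ev.suspected),
            "corroborated_sources": corroborated,
        }


# Constructed sample feeds from three sensors monitoring two networks.
SAMPLE_FEEDS = {
    "ids-a": [
        {"network": "net1", "threat": "stealth_scan", "src": "10.0.0.5", "suspected": True},
        {"network": "net1", "threat": "denial_of_service", "src": "10.0.0.9"},
    ],
    "ids-b": [
        {"network": "net1", "type": "Stealth_Scan", "source": "10.0.0.5"},
        {"network": "net1", "type": "port_probe", "source": "10.0.0.7"},
    ],
    "ids-c": [
        {"network": "net2", "threat": "intrusion", "src": "10.0.0.5"},
    ],
}


def run_demo() -> dict:
    """Feed the constructed batches into one manager and return its summary."""
    cem = CentralEventManager()
    for sensor, records in SAMPLE_FEEDS.items():
        cem.receive(sensor, records)
    return cem.summary()


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

Running the block prints the aggregated view: five events, one of them only suspected, a category breakdown per network, and one source (10.0.0.5) that three separate sensors reported. That corroboration is exactly the kind of signal an administrator must interpret by hand in the arrangement described, which is the gap the following sections address.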